
NTT DATA’s Digital Trusted Identity Services (DTIS)

Azure Active Directory – Cloud, On-Premise and Hybrid

Stan Riemer (Security Portfolio Specialist)


Ramesh Gupta (Portfolio Leader – IAM)

June 2023 © 2021 NTT DATA, Inc. All rights reserved.


• 330,000+ professionals
• $108B in annual revenue
• 80+ countries & regions
• #83 Fortune Global 500
• Investing $3.6B in R&D
• Serves +75% Fortune Global 100
• Title Sponsor since 2019

Global Strength of NTT Companies

NTT is one of the largest global technology and business solutions companies, with a 150+
year heritage of innovation. Ranked one of the world’s most valuable brands, it is the
holding company for all NTT businesses worldwide, including NTT DATA.

© 2023 NTT DATA Americas, Inc. All rights reserved.


• 190,000+ professionals
• $30B in annual revenue
• 50+ countries & regions
• Top 10 most valuable IT services brands

Trusted Global Innovator

NTT DATA is a top 10 global business and IT services provider with business operations in
more than 50 countries and regions. The parent of NTT DATA Services, the business was
established in 1967 as the IT services arm of NTT and became a public company in 1995.



Business and IT Solutions With Deep Vertical & Domain Expertise

Client Priorities
• Digital Experiences
• Workforce Transformation
• Business Resilience
• Data-Driven Enterprise

Industry, Technology & Business Consulting
• Financial Services
• Insurance
• Manufacturing & Automotive
• Health Plan
• Health Provider
• Life Sciences
• Commercial
• Public Sector

Digital Transformation, Digital Operations
• Application Development & Modernization
• Enterprise Applications
• Digital Workplace Services
• Application Management
• Data & Intelligence
• Cloud Transformation
• Hybrid Infrastructure Managed Services
• BPO & BPaaS

Network & Cybersecurity

Nucleus Intelligent Enterprise Platform


Secure your Identities with Azure AD

[Diagram: Azure AD connected to SaaS apps, HR apps, cloud-hosted apps, on-premises and web apps, and on-premises Active Directory]


End-to-End Azure AD Capability: Empowering Clients with Technology Solutions

Phase 1: Plan / Advise
• Organizational Readiness Assessment
• Feature set recommendation
• Defined Identity Policies

Phase 2: Build / Implement
• Communications and Implementation Plan
• Roll out feature set and automation
• Integrate into existing tools
• Pilot program and full roll out

Phase 3: Run / Manage
• Develop and track success factors
• Operationalization
• Optimization
• Audit Support

Output: Design Guide
Output: Implementation plan
Output: Automation scripts and SOPs

We realize that culture change - combined with implementing new technology - is one of the most difficult challenges leadership faces. We understand that it requires a deep commitment to personal, organizational, and technological change and a significant investment of both time and resources. We work with our clients to:
• Establish a clear, strategic vision
• Model changes at the highest levels
• Teach the new behaviors / offer opportunities for practice
• Commit to the long term

DTIS
• Awareness: Demonstrates the need for a change to a simpler system
• Desire: Our technology creates the desire to transition to a new system
• Knowledge: Learn and understand the new technology and all benefits
• Ability: Empowers clients to master all of the benefits with a new access management system
• Reinforcement: Ongoing training, software improvements and updates help our clients adopt the newest DTI strategies



Plan - NTT DATA Azure Active Directory (AAD) Advisory Engagement Overview

Identity and Access Management Review
• Deliver an Identity workshop to identify elements of the existing Identity and Access Management (IAM) architecture.
• Discuss business concerns and requirements around identity
• Output – IAM evaluation report and top line objectives, concerns and requirements

Intro to Azure Active Directory
• Review features and functionality of Azure Active Directory and how these can be used to securely manage identities and assets
• Discuss how Azure AD capabilities can address your concerns and specific goals to accomplish
• Output - prioritized list of objectives

User Identity Provisioning
• Review current user provisioning process
• Discuss options for provisioning and authenticating user identities in Azure AD, including Azure AD Connect, ADFS, AD DS, etc.
• Output - defined recommendations for managing identity provisioning and authentication options

Deploy and Manage Devices
• Identify options and benefits of different device join scenarios, such as Azure AD Join and Hybrid Azure AD Join
• Discuss Enterprise State Roaming and possible deployment options
• Output - defined policies that meet your device management and data roaming requirements

Driving Application Adoption
• Compare methods for delivering applications to end users via Azure AD.
• Discuss Single Sign On (SSO) and provisioning users into 3rd party apps
• Review use of Azure AD authentication in building customer applications
• Output – identify key LOB apps that can leverage AAD SSO and implementation strategy

Engage with External Users
• Determine use cases for external partners and customers requiring access to internal resources
• Design options for B2B and B2C scenarios
• Output - defined policies that meet data security and identity lifecycle manageability objectives

Securing Identities
• Discuss use of self-service password reset, Multifactor authentication, Conditional Access, Privileged Identity Management and Managed Identities in Azure AD to ensure security of user and admin accounts
• Output - agree on set of technical controls to design and implement for identity protection

Design Guide
• Summarize all gathered intel & established parameters, configuration details and data.
• Output - a design guide, architectural diagram and an implementation plan combining your requirements and NTT best-practices


Build - Overview of the NTT DATA Azure Active Directory Implementation Phases

PHASE 1: Build a Foundation of Security
• Define privileged roles in Azure AD, such as global admin, as well as non-global administrative roles, and enable Privileged Identity Management to track usage of roles.
• Configure Self-Service Password Reset for users
• Configure password policies, banned passwords and enable on-premises integration for password protection
• Configure MFA and Conditional Access baseline
• Enable Azure AD Identity Protection to track risky sign-ins and compromised user passwords

PHASE 2: Import users, enable synchronization and manage devices
• Install Azure AD Connect and Azure AD Connect Health
• Enable password hash sync and password writeback
• Assign licensing to users
• Create plan for external user access
• Decide on device management strategy
• Deploy Windows Hello for Business in organization
• Deploy Passwordless authentication methods for users

PHASE 3: Manage applications
• Identify on-premises, SaaS and other Line of Business applications to see if they can be managed by Azure AD
• Integrate supported SaaS applications that exist in the Azure portal
• Deploy and configure Azure AD Application Proxy to integrate access to on-premises applications

PHASE 4: Audit privileged identities, complete access reviews, manage user lifecycle
• Enforce the use of Privileged Identity Management
• Complete access review for Azure AD directory roles in Privileged Identity Management
• Implement dynamic group membership policies
• Implement group-based application provisioning for SaaS applications
• Automate user provisioning and deprovisioning for HR systems and Azure AD
Enabling Controls
Assess usage and performance patterns from the captured alerts established during the preceding phases to validate the controls meet the
objectives. Configure governance controls based on required modifications as indicated during the testing process.

Run - NTT DATA Azure Active Directory Managed Services

Operational Support
Operational support to ensure Azure Active Directory is operating efficiently. We monitor for threats and provide remediation to help mitigate exposure to risk.
• Maintain Azure AD Connect servers and ADFS infrastructure
• Regularly execute and triage IdFix reports, ensuring healthy directory synchronizations
• Triage Azure AD Connect Health Alerts for Sync and ADFS
• Manage user identities, including:
  • Group memberships
  • Assignment of licenses
  • Assign users to enterprise applications
  • CRUD (create, read, update, delete) operations
• Manage access by external users
• Manage device joins and removal from Azure AD or Hybrid Azure AD.
• Configure Conditional Access policies
• Monitor authentication logs for anomalies or login problems on:
  • Azure AD App Proxy Connectors
  • Passthrough Auth Agents
  • Password Writeback Service
  • On-premises password protection gateway

Optimization Support
Continual improvement efforts to consistently improve the client’s security posture
On a monthly basis:
• Drive improvements to Identity Secure Score
• Manage lifecycle of SSO config for Azure AD
• Triage and investigate security and risk events
• Review and design catalogs and access packages for applications and resources
• Assign users to access packages in line with security policies
• Review approval workflows regularly to ensure the proper approvers are included
• Design and implement Conditional Access policies
On a quarterly basis:
• Regularly review access to enterprise applications
• Regularly review access to directory by external identities
• Review who has been granted access to privileged roles
• Review steps for defining security gates for activation of privileged roles
• Review consent grants to applications

Audit Support
Support client-led audit preparations for compliance or security program-related efforts
Audit assistance on up to a biannual basis. Such tasks may include:
• Review proper application of technical compliance controls in Azure AD if customer is subject to regulation
• Ensure Azure AD audit logs, including sign-in activity and risk events, are being archived to a SIEM for historical reference
• Export data from Azure AD upon request
• Off-band reporting per client-directed requirements


Did you know?
• 71% of U.S. enterprises report suffering a breach
• 146 billion data records expected to be compromised by 2023
• $3.9 million: the average cost of a data breach to a company

Cybersecurity
Protecting the enterprise against threat actors
SERVICES
Leveraged, dedicated, and hybrid managed models
• Cloud security
• Governance, risk and compliance
• Identity and access management
• Digital workplace security
• Intelligent network security
• Managed detection and response
• Data security
• Application security
• Proprietary solutions and research developed from our PHI, CIS and MEI Labs and client collaborations

OUTCOMES
• 60 days saved after NTT DATA was hired to perform penetration testing (Konica Minolta Business Solutions)
• 62% reduction in security events after two years of managed security (Fortune 100 financial services firm)
• ~$2.3 million saved by providing EHR and PACS on a security-compliant cloud (CarePoint Health)
• 6.1 trillion logs analyzed annually, liberating our clients’ hybrid IT experts (NTT Global Threat Intelligence Platform)

AWARDS & ALLIANCES
• Ranked #2 by revenue in Gartner® Market Share Analysis: Managed Security Services, Worldwide, 2021 (Gartner)¹
• Leader in the BFS Risk and Compliance IT Services PEAK Matrix® Assessment 2020 (Everest)²
• Major contender in the IT Managed Security Services PEAK Matrix® Assessment 2021 (Everest)
• CSA corporate member
• Accredited Azure MSP

WHY NTT DATA?
• Top 10 in worldwide services, 2021, in market share by revenue (Gartner)⁴
• Improved threat insights by monitoring 40% of global internet traffic and collecting data from 1,200+ “honeypots”
• 5,000 security experts with certifications from CISSP, CISA, CSM, CCSK, CSF and others
• 8 security operations centers supported by 7 R&D centers with an annual budget of $4 billion

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Sources:
¹ Gartner® Market Share Analysis: Managed Security Services, Worldwide, 2021 – June 2022
² Everest Group. “IT Managed Security Services (MSS) PEAK Matrix® Assessment 2021,” June 2021
³ Everest Group. “IT Services PEAK Matrix® Assessment 2020: Building Cloud-Based Data Infrastructure for Intelligent Real-Time Controls.” June 2020
⁴ Gartner®, Market Share Analysis: IT Services, Worldwide, 2021 - June 2022


Platform Specialists – Cybersecurity FY23

What we do…
• “Front Door” for all Cybersecurity opportunities
• DO and CDTS
• Advisory, Implementation and Managed Services
• Aligned by SBU and Integrated with SBU specific selling process
• Account Planning
• Thought Leadership
• Sales Pursuits
• Closing and Winning!
• We position our capabilities with clients and prospects, qualify opportunities and manage pursuit activities to win new Cybersecurity Revenue

Platform Specialists - Cybersecurity Pre-Sales Advisors

[Organization chart: Rob Mariani (Global Sales Team Leader); Rich Darrell, Scott Benson, Brian Eckert, Stan Riemer, Robert Laviolette, Brian Saucier, Paul Brillaud, Harbir Brar. Coverage areas shown: Public Sector, Emerging Accounts; Healthplan Life Sciences; Manufacturing; TBH International Business/FSI; Commercial Industries; Healthcare Provider, Canada; FSI]

Contact the team: securitysales@nttdata.com

© 2022 NTT DATA, Inc. All rights reserved.


security.sales@nttdata.com
